CVE ID: | CVE-2001-1246 |
Description: | PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th parameter to the mail() function, which allows local users and possibly remote attackers to execute arbitrary commands via shell metacharacters. |
Test IDs: | 1.3.6.1.4.1.25623.1.0.51245 1.3.6.1.4.1.25623.1.0.51842 1.3.6.1.4.1.25623.1.0.50837 |
Cross References: |
Common Vulnerability Exposure (CVE) ID: CVE-2001-1246
BugTraq ID: 2954 http://www.securityfocus.com/bid/2954
Bugtraq: 20010630 php breaks safe mode http://online.securityfocus.com/archive/1/194425
RedHat Security Advisories: RHSA-2002:102 http://www.redhat.com/support/errata/RHSA-2002-102.html
RedHat Security Advisories: RHSA-2002:129 http://www.redhat.com/support/errata/RHSA-2002-129.html
RedHat Security Advisories: RHSA-2003:159 http://www.redhat.com/support/errata/RHSA-2003-159.html
XForce ISS Database: php-safemode-elevate-privileges(6787) http://www.iss.net/security_center/static/6787.php |